Vulnerabilities > Microsoft > IE > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-30 | CVE-2007-1765 | Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. | 9.3 |
| 2007-03-17 | CVE-2007-1499 | Cross-Site Scripting vulnerability in Microsoft IE 7.0 Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability." | 4.3 |
| 2007-03-02 | CVE-2006-7065 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | 5.0 |
| 2007-02-26 | CVE-2007-1114 | Cross-Site Scripting vulnerability in Microsoft IE 7.0 The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. network microsoft | 4.3 |
| 2007-02-26 | CVE-2007-1091 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. network microsoft | 6.8 |
| 2007-01-31 | CVE-2007-0612 | Unspecified vulnerability in Microsoft IE and Internet Explorer Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. | 7.8 |
| 2007-01-19 | CVE-2007-0356 | Remote Denial of Service vulnerability in FolderTreeView ActiveX Control The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | 5.0 |
| 2006-12-20 | CVE-2006-6659 | Remote Internet Explorer Denial of Service vulnerability in Microsoft IE, Outlook and Windows XP The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | 5.0 |
| 2006-11-15 | CVE-2006-5913 | Remote Security vulnerability in Microsoft IE 7.0 Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. | 6.4 |
| 2006-11-08 | CVE-2006-5805 | Remote Security vulnerability in Microsoft IE 7.0 Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. | 5.0 |